Source evidence

Still seeing vulnerability issues

W4 Post List · support · 2023-04-16T11:16:00+00:00

W4 Post List plugin evidence original source source API

mixedsentiment

highseverity

0.94relevance

4replies

Evidence linked to opportunitycommercial context

Proof Health

Open evidence

Commercial opportunities need traceable source links before they are treated as build-worthy.

6 / 22 rows with source links

27.3% of this page's analysis has direct source links.

0 build-decision rows missing links

0 rows here require auditable proof before promotion.

16 rows with no attached evidence

0 rows have source counts but still need direct links.

Conversation

support

David Henry resolved

Hi there, I’ve been using this script for some time now, it’s great, but I still see XSS vulnerabilities, will there be a version 2.5.7 to fix it? D The page I need help with: [ log in to see the link] On patchstack, it says < 2.4.6 is vulnerable, and 2.4.6 is marked as fixed. Thanks Shazzard, I missed the “ < “. The site is now scanning clean. Thanks for your help. Hope you get unblocked soon 🙂 So 2.4.6 is safe to use, right? I am trying to install the plugin today but can’t find it in the repository. Thanks @catuyen Please contact WordPress plugin review team on that concern. I haven’t heard from them for over a month. They are the one who defines and maintain plugin vulnerabilities.

Commercial Context

Opportunity

agency visual QA and update safety

Shortcode visual QA and update safety for preventing client-site regressions before updates or edits go live

Buyer: site builders and agencies

Wedge: detect shortcode layout regressions, widget breakage, and client-visible update issues

Proof Blocked card complete market

Analysis

heuristic-v1

Summary: Still seeing vulnerability issues: users show security, bugs, support pain that may indicate a product gap.

Evidence quote: Still seeing vulnerability issues Hi there, I’ve been using this script for some time now, it’s great, but I still see XSS vulnerabilities, will there be a version 2.5.7 to fix it?

Affected feature: security

security bugs support setup

Plugin

API

W4 Post List

3.0K active installs · 195.3K downloads · rating 94.0

custom post type media post post list shortcode

Comments

4 shown

Shazzad Hossain Khan 2023-04-16T16:23:00+00:00

On patchstack, it says < 2.4.6 is vulnerable, and 2.4.6 is marked as fixed.

David Henry 2023-04-17T11:19:00+00:00

Thanks Shazzard, I missed the “ < “. The site is now scanning clean. Thanks for your help. Hope you get unblocked soon 🙂

catuyen 2023-04-29T04:50:00+00:00

So 2.4.6 is safe to use, right? I am trying to install the plugin today but can’t find it in the repository. Thanks

Shazzad Hossain Khan 2023-04-29T20:53:00+00:00

@catuyen Please contact WordPress plugin review team on that concern. I haven’t heard from them for over a month. They are the one who defines and maintain plugin vulnerabilities.